GP Connect
(asked on 9th December 2025) - View Source
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, what steps are his department taking to ensure the that upcoming GP Connect requirements support confidentiality and data integrity.
GP Connect helps clinicians to gain access to general practice (GP) patient records during interactions away from a patient’s registered practice and makes their medical information available to appropriate health and social care professionals when and where they need it, to support the patient’s direct care. From a privacy, confidentiality, and data protection perspective, GP Connect provides a method of secure information transfer and reduces the need to use less secure or less efficient methods of transferring information, such as email or telephone.
Access to GP Connect is governed by role-based access and organisational controls, and only people who need to see the GP patient record for a patient’s direct care should be able to see it. Data integrity is ensured by the GP Connect Application Programming Interface sharing an accurate, consistent, and real time complete copy of specific data held in the source GP record. All systems that allow the use of GP Connect must undergo a robust compliance process.
All organisations applying to use GP Connect must comply with the National Data Sharing Arrangement (NDSA) and end-user agreement that sets out their responsibilities and confidentiality obligations. Further information is available at the following link:
https://digital.nhs.uk/services/gp-connect/national-data-sharing-arrangement-for-gp-connect
The NDSA and its terms and conditions stipulate that any information received or accessed about a patient for direct care purposes must remain confidential.
NHS England has published a Privacy Notice and a Data Protection Impact Assessment for GP Connect, which can be found, respectively, at the following two links:
https://digital.nhs.uk/services/gp-connect/gp-connect-in-your-organisation/gp-connect-privacy-notice